Telematics data sharing, competition law and privacy rights

FOCUS: Insurers know that telematics data gathered from vehicles can be incredibly valuable and, naturally, they are keen to get access to data gathered by rivals. But in setting up data sharing arrangements they need to be careful not to break competition laws.08 Jan 2014

Insurers want access to a database of telematics data to help them set personalised premiums for individual drivers, but arrangements governing how that information is gathered, managed and accessed could be subject to scrutiny by competition regulators.

The Office of Fair Trading (OFT) has already shown it is willing to step in to address competition concerns in the insurance market, and a case it looked into in 2011 may provide some insights into the behaviour it will want to see when insurers handle telematics data.

Insurers will also have to consider privacy rights. Reforms anticipated to the EU data protection framework could introduce new rights for individuals that will need to be accounted for by anyone handling telematics data.

The benefits of telematics data sharing

'Telematics data' is a term that refers to the information that is collected about motorists' driving patterns. Insurance companies are increasingly recording that information via devices in cars, which allows them to set insurance premiums that reflect the driving style of motorists.

At the moment insurers, or the third parties they contract with, have access to the telematics data relevant to their policy holders. The industry is looking to develop a wider database of aggregated telematics data from which to identify general trends and use it as a reference point for setting premiums for individual drivers that more accurately reflect their risk profile. The wider the pool of data, the better the analysis will be and the more accurately insurers can individualise policies.

Good drivers stand to benefit from the arrangements too, since their premiums will fall as those of poor drivers rise.

There is potential for aggregated telematics data from across the industry to be used in a standardised way by insurers in relation to how they assess risk and set prices for premiums - this consistency across industry could be helpful for drivers but it could also raise potential competition concerns.

How telematics data could be aggregated and how competition law may be triggered

There are a variety of models that could be put in place to facilitate insurers' access to aggregated telematics data from across the industry.

What model is used could depend on whether insurers themselves can be said to own telematics data, or whether they would need a license to use it, for example from the technology providers – the companies that make and install the 'black boxes' that record driving habits. They may also need to enter into licensing arrangements if they wish to engage with data analytics providers that themselves enter into licensing deals to pool telematics data from across the industry.

Competition concerns may arise if one company dominates the market for either gathering telematics data or analysing and marketing the information. Under UK and EU competition laws, dominant businesses are prohibited from abusing their position in the market. An abuse of dominance can occur when a dominant company refuses to supply or provide access to essential facilities.

The market for telematics is growing and there is a strong possibility that in the future telematics data will be central to the way in which insurers set drivers’ premiums. This may mean that those in control of the data and access to it could raise the barriers to entry for other insurance providers or new entrants into the market for telematics data. In the same way, the EU Insurance Block Exemption currently exempts, subject to certain conditions, agreements which relate to the joint establishment and distribution of joint compilations, tables and studies. The European Commission considers that cooperation in this area is both specific to the insurance industry and necessary in order to price risks and thereby facilitate new market entry.

A 2001 case ruled on by the European Commission, which concerned a dominant pharmaceutical industry company's refusal to grant a rival a license to access structured sales data for prescription drugs, showed that dominant companies in a market can be found to be acting in breach of competition rules where they prevent access to data deemed indispensable to compete in a market.

Another model that could emerge could involve an information exchange mechanism delivered by a third party platform. Insurers could arrange to send their telematics data to the third party provider and arrange to access a larger database comprising aggregated data from a number of rivals. Similarly, the collection of telematics data through the use of exclusive arrangements between insurers or aggregators and the technology providers, may also lead to anti-competitive foreclosure by preventing rivals from accessing telematics data. Google is currently under investigation by the European Commission in relation to similar accusations with regard to its internet search engine and online advertising platform.

Whilst the exchange of information between competitors can lead to pro-competitive benefits; driving efficiencies and promoting innovation, it may also increase transparency which may reduce the incentive of companies to compete. In this scenario there is a risk of information exchange leading to anti-competitive effects such as harmonisation of pricing. . It is clear that how an individual insurer uses telematics data to assess risk and set prices is commercially sensitive to that insurer. Any agreement between insurers, whether through an industry body or not, to harmonise how data is used to set or influence premiums is likely to raise serious competition law concerns.

In 2011 the OFT forced seven insurers and two IT companies to limit the information they were sharing through a tool developed by credit reference agency Experian. 'Whatif?' was a market analysis tool that allowed insurers to access pricing information rival providers had given to brokers and the OFT raised concern that 'Whatif?' could be used by companies to co-ordinate their prices in breach of competition law rules.

Both UK and EU competition law prohibit agreements, arrangements and concerted business practices which appreciably prevent, restrict or distort competition, or have the intention of so doing, and which affect trade in the UK or the EU respectively.

In December 2011 the OFT accepted binding commitments from the nine companies involved in its investigation into 'Whatif?' to address its concerns. The commitments prevented insurers gaining access to data on rivals' future pricing intentions through the 'Whatif?' tool, among other things.

A similar information exchange platform used for telematics data would have to address similar potential concerns, with controls being placed on the kind of information that can be accessed and in particular, the commercial decisions (e.g. pricing of premiums) which individual insurance companies make as a result of access to the data, so as to avoid regulatory scrutiny.

Another way insurers could gain access to a wide pool of telematics data is by forming a joint venture company with one or more of its rivals.

Those arrangements could be subject to merger control rules, especially if the data company will operate on a stand alone basis, and regulators may similarly require the companies involved to restrict the nature of the data they share or even ensure that it is more generally available to the wider industry.

As more products and services become customised to the requirements of the individual consumer they raise novel challenges for both data protection and competition regulators. With the collection and commoditisation of personal data increasing, it is likely that the interplay between data protection and the competition rules will become more important. The accumulation of personal data was an issue raised but largely avoided in the Commission's merger control assessment of Google's acquisition of DoubleClick in 2008. Five years on and these concerns do not appear to have been resolved.

Privacy rights

Telematics data can constitute personal data, and therefore fall subject to data protection laws, on the basis that it records the activities of individual drivers, or a number of individuals.

UK insurers, and other companies that handle telematics data, are therefore obliged to act in accordance with the Data Protection Act. Where personal data has been anonymised, data protection laws no longer apply.

In particular the ABI said insurance companies need to obtain the consent of all named drivers on a telematics policy before they can collect personal telematics data about those individuals. In order to obtain that consent they needed to ensure the individuals were provided with "clear and comprehensive information" about how their personal telematics data would be collected and used, who had rights of access to the information and what their own rights were with respect to the data, it said.

Insurers do not need customers' consent to share their personal data with others where disclosure is necessary to prevent or detect crime, such as fraud. However, the Chartered Insurance Institute (CII) has questioned whether data sharing in the context of fraud prevention within the industry is currently always compliant with the data protection regime and has outlined plans to develop a protocol around data sharing in future.

These existing rules and developments are relevant to the telematics market, but insurers also need to be aware of forthcoming reforms to the data protection framework that could impact on the access they need to give policy holders to the data they hold about them.

At the moment all organisations are required, upon request, to facilitate individuals' access to their personal information. This right will continue under the reformed data protection reforms being developed at EU level. However, a new right of 'data portability' may be introduced and could impact on how telematics data is shared between rival motor insurance companies.

Under the latest proposals backed by a committee of MEPs, but still subject to wider negotiation, individuals would have the right to require businesses to hand them a copy of electronically processed personal data "in an electronic and interoperable format which is commonly used and allows for further use by the data subject without hindrance from the controller from whom the personal data are withdrawn". Businesses would have to facilitate the transfer of this data to a rival where it is "technically feasible".

Future regulation of the telematics market?

No specific legal framework has been drawn up in the UK or Europe to govern the use of in-vehicle devices that monitor driving.

However, the National Transport Commission (NTC) in Australia earlier this month set out its intention to lay down new rules on 'heavy vehicle telematics' (105-page / 1.78MB PDF). It wants to develop a framework that would allow the police access to data about how heavy vehicles have been driven, in order to enforce road safety laws, but ensure drivers' privacy rights are also respected.

The UK Government will likely be watching how the NTC's plans progress and review, in time, whether to regulate the industry in the same way.

Natasha Pearman is a competition law expert at Pinsent Masons, the law firm behind Out-Law.com